REDLEGG BLOG

Emergency Vulnerability Bulletin

12/11/21 7:57 PM  |  by RedLegg Blog

LOG4J Remote Code Execution Vulnerability 

Identifier: CVE-2021-44228

Exploit or POC: YES.

Update: https://nvd.nist.gov/vuln/detail/CVE-2021-44228

Description: CVE-2021-44228 allows an attacker to remotely execute code through the widely used logging library Log4j. All Log4j versions between 2.0 and 2.14.1 are affected. Log4j has been patched, but because Log4j is embedded in other applications, the updates may have to come from the vendors that use it, and in some cases it cannot be updated manually. If the host is running a Java runtime later than 8u121, the exploit will not work because com.sun.jndi.rmi.object.trustURLCodebase and com.sun.jndi.cosnaming.object.trustURLCodebase are disabled by default.

Mitigation recommendation:

  • Disable JNDI lookup by removing the JndiLookup file from log4j-core, then restart the service.
  • If you’re unable to patch, restart with the start parameter ‘log4j2.formatMsgNoLookups’ set to true as a temporary mitigation.
    Example: “java -Dlog4j2.formatMsgNoLookups=true -jar application.jar”
  • Update to the newest version of log4j: https://github.com/apache/logging-log4j2/releases/tag/log4j-2.15.0-rc2
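
One way to verify the first mitigation step and find copies that still need the update, added here as an example and not code from RedLegg or the Log4j project: it scans a jar, war or ear, nested archives included, for log4j-core, reads the version from the Maven metadata and reports whether JndiLookup.class is still present. The class and metadata paths are the standard locations inside log4j-core; `scan_archive`, `is_affected` and `make_jar` are names made up for this example, and the affected range is the one stated in the description above.

```python
import io
import re
import zipfile

# Class removed by the first mitigation step, and the Maven metadata carrying the version.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
NESTED = (".jar", ".war", ".ear")


def is_affected(version):
    """Affected range as stated in the bulletin: 2.0 through 2.14.1."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version or "")
    if not m:
        return None  # version unknown (e.g. shaded jar): needs manual review
    v = tuple(int(g or 0) for g in m.groups())
    return (2, 0, 0) <= v <= (2, 14, 1)


def scan_archive(data, name="<archive>", depth=0):
    """Return one finding per log4j-core copy in an archive, nested archives included."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a zip despite its extension
    with zf:
        names = set(zf.namelist())
        if POM_PROPS in names or JNDI_CLASS in names:
            props = zf.read(POM_PROPS).decode("utf-8", "replace") if POM_PROPS in names else ""
            m = re.search(r"^version=(.+)$", props, re.M)
            version = m.group(1).strip() if m else None
            findings.append(dict(path=name, version=version, affected=is_affected(version),
                                 jndi_lookup_present=JNDI_CLASS in names))
        if depth < 3:  # bound recursion into fat jars
            for entry in names:
                if entry.lower().endswith(NESTED):
                    findings += scan_archive(zf.read(entry), f"{name}!/{entry}", depth + 1)
    return findings


def make_jar(files):
    """Build a constructed sample archive in memory (not a real log4j jar)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, content in files.items():
            zf.writestr(path, content)
    return buf.getvalue()
```

A finding with `affected` true and `jndi_lookup_present` true has neither the update nor the class-removal mitigation applied; read a file from disk with `open(path, "rb").read()` and pass the bytes to `scan_archive`.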
